There are plenty of privilege escalation vulnerabilities in Linux / Unix (e.g. with CUPS etc), but they have not been exploited in the wild. Probably also a bunch in OS X, but the security patches that Apple release give little in the way of information (how's that for FUD)

Stuxnet was a spear-phishing attack. If the intended target had been using Macs then exploits would have been found on the OS X platform.

Mac OS X Lion is about to be released and Snow Leopard has only had 2 elevation of privileges vulnerabilities (EoP - the type of privilege escalation vulnerability that allows system level access) since being released.

It is not that researchers are not looking. These local exploits are used in iOS jailbreaks, yet those vulnerabilities have not been affecting OS X. The vulnerabilities are often found in kernel components not unique to iOS. But, the two platforms do use somewhat different implementations of security mitigations so this is the most likely explanation.

Also, most EoP vulnerabilities are leveraged by manipulating the Windows registry, including those win32k.sys vulnerabilities in the link in my previous post. OS X does not utilize a system that stores settings for kernel drivers that is exposed to users like the Windows registry.

It is possible that such an attack could be performed on a Mac. But, the low incidence rate of EoP vulnerabilities makes it much more difficult and definitely unlikely to be used in malware in comparison to that potential in Windows.

This type of malware has been seen in malware in the wild for Windows for attacks much like more typical malware, such as Tigger/Syzor, rather than Stuxnet. The much higher incidence rate of EoP vulnerabilities in Windows along with documentation and tools to turn them into exploits increases the likelihood of this type of malware occurring in the wild that targets the average computer user.
 
this is good to know

Ever since another article brought up the uncheck that Open Safe downloads preference in Safari I've done so.

But ClamXav just found a trojan on my iMac which I promptly deleted, it did not say it was MacDefender or MacGuard (was a string of letters and numbers which I did not memorize) and I don't know how long it had been buried in my user files.

Needless to say, I'm bummed that whatever it was got in, but grateful ClamXav quickly isolated it so I could delete the file.

I have noticed that searching for images in Google has pulled up a lot of suspicious sites lately, so no more searches for me. It's not like I need the reference materials any more anyway.

I'm glad that Apple is taking an active stance on this (as well they should), but I'm not surprised this is happening.
 
Hi !

Well, I was wondering if someone had a link that has been infected with MacGuard or MacDefender, I'd like to make a small video for my friends to tell them not to click on it... So I'll infect myself to tell them how not to have it, and how to remove it if they already clicked it...!

Thanks !

-Francis
 
Apple should start catering to real Mac users again, and not to the lowest common denominator = PC users!

Please don't pretend to know or define what a "real" Mac user is. It's as fallacious as the "true fan" (ie: "no true fan this", "any true fan that").
 
I guess I should go to Pirate Bay and download Anti-Malware software then? :D

No need - just browse around the web (preferred option Safari with default settings) and it will 'detect' your need of AV software and automatically download either MacDefender, MacProtector or MacGuard for you (new on demand AV Software might be added any day). All you have to do is click through the installer after it was downloaded for you and you are safe. You know - it's a Mac, it just works (and downloads for you what you need - you just have to install it).
 
Hey man, my brother died that way.

I'm reading a lot of Apple apologists saying basically if you're a savvy, suave Mac user you won't fall for MacDefender in all of its guises. I'm a pretty tech-savvy user and MacDefender installed and here's how: I was surfing while downloading a program. I have long ago unchecked the automatic opening of a file in Safari so that isn't the problem. MacDefender opened the installer without needing me to click on it. I, assuming it was the program I meant to install, clicked yes. The rest is history.

Of course I could have read the box, but it wasn't detailed about what it was installing either. It didn't say install MacDefender and surrender your mac to us, bwaaa haaaaa. So that's one way it slips in and even someone who is normally pretty careful can get infected.

It's not just our parents or noobs that it's hooking.

Ok, you can flame away FanBoys.
 
Of course I could have read the box, but it wasn't detailed about what it was installing either. It didn't say install MacDefender and surrender your mac to us, bwaaa haaaaa. So that's one way it slips in and even someone who is normally pretty careful can get infected.


So basically, you weren't paying attention and got infected, so anyone who does pay attention is a fanboy? It said MACDefender not once but TWICE. How much warning do you need? Better yet, how hard was it to realize that MACDefender WASN'T the application you were trying to install? What were you trying to download?
 

Attachment: macdefender1.png

Who the hell is downloading this *****??

Ignorant people. Plain and simple ignorant people who believe a website magically scanned their computer and told them they have a virus and are offering an antivirus "solution".

I'm reading a lot of Apple apologists saying basically if you're a savvy, suave Mac user you won't fall for MacDefender in all of its guises. I'm a pretty tech-savvy user and MacDefender installed and here's how: I was surfing while downloading a program. I have long ago unchecked the automatic opening of a file in Safari so that isn't the problem. MacDefender opened the installer without needing me to click on it. I, assuming it was the program I meant to install, clicked yes. The rest is history.

Of course I could have read the box, but it wasn't detailed about what it was installing either. It didn't say install MacDefender and surrender your mac to us, bwaaa haaaaa. So that's one way it slips in and even someone who is normally pretty careful can get infected.

It's not just our parents or noobs that it's hooking.

Ok, you can flame away FanBoys.

First off, I think any thread that says such garbage as "Flame away fanboys" should have their posting rights removed. You're simply trying to be hostile.

Second, as others have stated you aren't computer savvy if you got infected. You're simply not. You fell for a social engineering trick by clicking a pop-up that randomly installed on your computer. What tech savvy person does that? Seriously?

If you were tech savvy you would have made sure your browser isn't set to automatically open attachments, or if you do have that set you most certainly should have read what you are clicking. It's your fault you got infected, there is no way around that. It's the same thing I tell the users at work where we are on Windows machines who do the same thing.


EDIT: Up top I mean ignorant as lacking knowledge, not stupid.
 
MacDefender opened the installer without needing me to click on it. I, assuming it was the program I meant to install, clicked yes. The rest is history.
What exactly was the program that you were intending to install? What website were you on that you clicked a link that downloaded and ran the installer for MacDefender instead?
 
Ignorant people. Plain and simple ignorant people who believe a website magically scanned their computer and told them they have a virus and are offering an antivirus "solution".

…Or simply people who aren't that computer literate (there's no law saying you have to be) and are vaguely aware that there are bad things out there on the internet but don't fully know what to do to protect themselves. They are potentially vulnerable to these sorts of attacks.

You don't represent the majority of users for any kind of OS. Consider others who are not like us lot and don't post on a tech forum.
 
…Or simply people who aren't that computer literate (there's no law saying you have to be) and are vaguely aware that there are bad things out there on the internet but don't fully know what to do to protect themselves. They are potentially vulnerable to these sorts of attacks.

You don't represent the majority of users for any kind of OS. Consider others who are not like us lot and don't post on a tech forum.

I don't mean ignorant as stupid, I mean ignorant as in lacking knowledge. The users who lack knowledge of such things are the ones vulnerable. (I put an edit in my above post to clear up the confusion).
 
I don't mean ignorant as stupid, I mean ignorant as in lacking knowledge.

Exactly. A skilled surgeon may be ignorant of the fact that the Bosch L-Jetronic fuel injection system on his classic German sports sedan uses a mass air flow sensor to adjust the fuel/air mixture for varying altitudes and engine load conditions.

...but he loves driving it on mountain roads.

Too bad, though, that Bosch never quite figured out the issue with too lean mixtures when you were above 2000m with temperatures over 40° - the later firmware upgrades helped, but never quite eliminated the issue.
 
?

Are you arguing that something that's not a virus is in fact a virus?

Besides, there's nothing to argue about, by definition it's not a virus.

I know it's not a virus, but by making that statement a thousand times in this thread doesn't change the fact that this malware has caused problems for a number of people. Doctor to patient, "Don't worry, you don't have cancer. You have plutonium poisoning and will be dead in 2 weeks." And then the patient feels relieved. That's what some of you sound like.

Regardless of how "stupid" people are who fall for this, it caused enough of a problem for Apple to address it. Now go back to arguing about the fact that it's not a virus.
 
I was almost snookered

I was browsing the internet using a new installation of OS X and came across the Macdefender page. I thought "Hmmmm, a new surprise feature not on Apple's feature list." But it didn't smell right so I closed and re-opened Safari and searched for 'Macdefender'. This was at the start of Macdefender (it never did infect my Macs) but to me the bottom line is we need to get the word out that people need to be careful about what they download.
 
See the issue is you can call people ignorant but the bottom line is the majority of average users would fall for it. So are they really ignorant or are we just a bit more educated with computers/Macs?

People bought Macs under the impression you don't have to worry about security like you do on PC, you don't have to worry about that file you downloaded or anything else.

Apple created this image, Mac fanboys preached it. It just works, remember?

http://www.youtube.com/watch?v=M3Z386vXrt4 - Apple ad about viruses

So when they're browsing the web and some random installer pops up, maybe people probably thought it was something with the OS and just continued it. Macs are pretty popular with seniors, and I'd imagine most seniors would fall for this.
 
I know it's not a virus, but by making that statement a thousand times in this thread doesn't change the fact that this malware has caused problems for a number of people.

You have to understand that the people who spend all day harping on that fact are the ones that have no lives and just sit around all day looking for an opportunity to point fingers at people and call them stupid. Think about it. Any intelligent person would realize that many non-techie users incorrectly refer to all forms of malware as "viruses". Even the Wikipedia page mentions this first thing. So it's not like all these people filling pages and pages and pages with the same flipping sentences about how a trojan isn't a virus shouldn't be aware of this incorrect usage and therefore comprehend that they really are referring to MALWARE in general, but don't understand the technical difference between it and a virus.

This would be like a person saying someone must have a virus when they see a sick person and not realize it might be bacterial or even protozoa or a genetic condition of some kind. An intelligent person would understand their lack of understanding and realize what they are actually trying to say by context and then either overlook their incorrect usage or gently correct them. A vindictive person with no life would jump up and down calling them idiots and morons and then correct them in a very condescending fashion and tell them they deserve to be infected for being so stupid or repeat themselves over and over and over as if they had nothing better to do than spam the thread with the same information.

If someone would care to take a count on here of how many users that participated in this thread did the latter versus the former or neither and then perhaps even how many of the same people posted the same information more than one time in the same thread, I know I'd be curious to see the results. In short, we don't just have Apple fanatics on here, there's a lot of mean-spirited people on here (best way I can put it without devolving to their level). Sadly, it's probably indicative of society in general.
 